Dfir-Home-Hero-Background

Where Incidents Become Intelligence

The DFIR Report delivers detailed, actionable intelligence drawn directly from observed intrusions—empowering organizations to harden defenses, improve detection, and respond smarter.

Through a combination of public reporting, enterprise threat intelligence products, real-world training environments, and analyst coaching, we provide the tools, services, and support defenders need to stay ahead of evolving threats.

Products Services

Trending Reports

Our collection of free public intel reports helps summarize, assess, and expand on a wide range of topics and current events in the cybersecurity space. These reports are made possible by all of the volunteers who work to support this valuable resource.

ransomware rdp
ransomware, rdp
Cat’s Got Your Files: Lynx Ransomware
Read more
December 17, 2025
akira Flash Alert ransomware
akira, Flash Alert, ransomware
From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
Read more
November 4, 2025
bruteratel cobaltstrike latrodectus
bruteratel, cobaltstrike, latrodectus
From a Single Click: How Lunar Spider Enabled a Near Two-Month Intrusion
Read more
September 29, 2025
dragonforce play ransomhub
dragonforce, play, ransomhub, sectoprat
Blurring the Lines: Intrusion Shows Connection With Three Major Ransomware Gangs
Read more
September 8, 2025
Flash Alert
Flash Alert
KongTuke FileFix Leads to New Interlock RAT Variant
Read more
July 14, 2025
ransomhub ransomware rdp
ransomhub, ransomware, rdp
Hide Your RDP: Password Spray Leads to RansomHub Deployment
Read more
June 30, 2025
elpacoteam mimic ransomware
elpacoteam, mimic, ransomware
Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware
Read more
May 19, 2025
ransomware sliver
ransomware, sliver
Navigating Through The Fog
Read more
April 28, 2025
blacksuit bruteratel cobaltstrike
blacksuit, bruteratel, cobaltstrike, ransomware, sectoprat
Fake Zoom Ends in BlackSuit Ransomware
Read more
March 31, 2025
exploit lockbit ransomware
exploit, lockbit, ransomware
Confluence Exploit Leads to LockBit Ransomware
Read more
February 24, 2025
cobaltstrike lockbit ransomware
cobaltstrike, lockbit, ransomware
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware
Read more
January 27, 2025
cobaltstrike more_eggs
cobaltstrike, more_eggs
The Curious Case of an Egg-Cellent Resume
Read more
December 2, 2024

Looking for deeper, more immediate insights?

Our exclusive Private Reports deliver concise, intelligence-rich summaries published shortly after intrusions.

What We Offer

Products

From exclusive insights to immersive labs, each solution helps you expand and enhance your threat detection capabilities.

Threat Intel

Specialized framework monitoring designed for the detection/blocking of egress traffic

Read more

DFIR Labs

Cloud-based hands-on learning experiences using real data from real intrusions

Read more

Case Artifacts

Real-world incident data from public DFIR reports, including Indicators of Compromise (IOCs)

Read more

Detection Pack

Private Ruleset focusing on Sigma rules using insights derived from first party threat intelligence and internal cases

Read more

Threat Feed

Reconstructed network traffic (pcaps) extracted from public incident reports, enabling high-fidelity replay and analysis of attacker behavior

Read more

Active Defense

Uncover, analyze, and disrupt threats with managed deception technology.

Read more

AI Training Ground

provides access to a unique repository of real-world digital forensics and incident response (DFIR) data and Indicators of Compromise (IOCs).

Read more

Services

Access practical, expert-led support designed to elevate your security capabilities—from individual analyst growth to enterprise threat intel operations.

Training

Personalized development sessions designed for aspiring and seasoned information security professionals

Explore

Professional Services

Work directly with DFIR practitioners to enhance your CTI program

Explore

Who We Are

The DFIR Report was founded by dedicated security analysts with the shared goal of documenting and exposing real-world attacker tactics, techniques, and procedures (TTPs).

What began as a community-driven volunteer project evolved into a globally respected CTI platform and commercial business that proudly serves enterprise and government customers.

85+

reports published

20+

expert analysts

9K+

subscribers

Subscribe & Stay Informed

Keep up-to-date on the latest reports by subscribing to our monthly newsletter.

Follow Us

Subscribe to updates from our team and follow us on LinkedIn to stay informed and connected.

Subscribe
Work with Us

Get a firsthand look and feel for DFIR’s services by scheduling your free demo with our team.

Book a Demo
Start Training

Learn from real-world cybersecurity intrusions to sharpen your investigation skills, from beginner to expert levels.

Access DFIR Labs

The DFIR Report provides in-depth, real-world intelligence based on observed intrusions, enabling security analysts and teams 
to strengthen defenses, enhance detection, 
and accelerate response.

© 2025 The DFIR Report. All Rights Reserved. | Privacy Policy